On Wed, Feb 12, 2025 at 12:35 PM N2Z2 NZ2Z <[email protected]> wrote:
> Hello, I'm trying to set up a test environment with N Windows machines > that can be connected to via RDP. The idea is to have users connect to > Guacamole with a generic user account, and then ask for the individual > user's authentication during the RDP connection phase. > > The problem arises during configuration. Suppose I have a generic user who > logs into Guacamole, and then uses his user xxx to connect to the RDP > session of machine #1. I would like that session to be associated with that > user until logout, so that the second user yyy can connect with the generic > "user" to Guacamole and then connect with his user to the first free > machine, i.e. #2. Instead, as expected, user yyy tries to connect to the > first machine to which they are authorized and not to the first machine > that has free RDP. > > All this stems from the need to dynamically assign machines; in > production, potentially, I have no idea what users are working at a > specific time so I cannot assign machines in 1:1 mode (I would not have > enough to assign them 1:1). Moreover, there is often staff turnover, so I > would have to take into account all the new hires/resignations to change > the assignment. > > Obviously, nothing changes if I integrate authentication as xxx or yyy in > the first step in Guacamole, it was only to make the first step easier for > users. > > Is there a way to manage this?" > The first thing that comes to mind is that you might be looking for the "Balancing" connection group functionality: https://guacamole.apache.org/doc/gug/administration.html#connection-organization-and-balancing Basically, you can put individual connections under a "Balancing" group and then give users access to that balancing group, and Guacamole will try to balance the users across the connections in that group. You can set the limits of each connection in the group in terms of how many concurrent users can be connected to it. So, if each of your machines supports a single RDP connection, you set those limits on each connection, and Guacamole will only assign a single user to each connection. You can also set the "Session Affinity" option, where Guacamole will attempt to remember which connection a user was using and reconnect them to that specific connection, falling back to the next available one if that one is not available. -Nick >
